CVE-2021-45669
Description
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in NETGEAR routers and WiFi systems (RAX, MR, MS, RBK series) before specific firmware versions allows injection of persistent scripts; fixed versions available.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of multiple NETGEAR routers and WiFi systems. Affected models include RAX200, MR60, RAX20, RAX45, RAX80, MS60, RAX15, RAX50, RAX75, RBR750, RBR850, RBS750, RBS850, RBK752, and RBK852 running firmware versions prior to the fixed releases listed in the advisory [1]. The vulnerability allows an attacker to store malicious scripts that execute when an administrator accesses the affected interface.
Exploitation
An attacker must have network access to the device's management interface and be able to submit crafted input that the application stores. The advisory does not detail the exact attack vector, but stored XSS typically involves injecting script code into fields such as the device name, SSID, or other configuration parameters that are later rendered without proper sanitization. The advisory does not say that authentication is required, but the attacker likely needs to be authenticated as an admin or to have access to a vulnerable page.
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the administrator's browser session. This could lead to session hijacking, credential theft, or further compromise of the device's configuration. The impact is limited to the web interface and does not directly provide remote code execution on the device.
Mitigation
NETGEAR has released fixed firmware versions for all affected models: RAX200 (1.0.3.106), MR60 (1.0.6.110), RAX20 (1.0.2.82), RAX45 (1.0.2.72), RAX80 (1.0.3.106), MS60 (1.0.6.110), RAX15 (1.0.2.82), RAX50 (1.0.2.72), RAX75 (1.0.3.106), RBR750 (3.2.16.6), RBR850 (3.2.16.6), RBS750 (3.2.16.6), RBS850 (3.2.16.6), RBK752 (3.2.16.6), and RBK852 (3.2.16.6) [1]. Users should update to the latest firmware via the NETGEAR Support website. No workarounds are provided.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
NETGEAR/NETGEAR devices